Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method, comprising: performing operations in an enterprise fabric network, including a plurality of nodes which includes a first edge node and a second edge node, with a routable address space within the enterprise fabric network not including destination addresses of packets received from external sources, and with the first edge node having a first network address and a service address; wherein said operations include: maintaining a mapping database including mappings between a plurality of external addresses and the service address, and between other external addresses and addresses of edge nodes of the plurality of nodes; forwarding each particular packet of a plurality of packets externally received by edge nodes of the plurality of nodes to an edge node associated with the service address, which includes determining the service address from a lookup operation in the mapping database based on a destination address of said particular packet, and encapsulating said particular packet in an enterprise fabric transport packet including the service address as a destination address, and sending the enterprise fabric transport packet into the enterprise fabric network; and during the operation of said forwarding the plurality of packets: associating the service address with the second edge node also having a second network address, and converging the routable address space such that enterprise fabric transport packets having a destination address of the service address are now communicated to the second edge node without changing said mappings between the plurality of external addresses and the service address.
A method for moving a service between edge nodes of an enterprise fabric without touching the external address mappings. The fabric's routable (underlay) address space does not include the destination addresses of packets arriving from outside, so those packets cannot be forwarded natively; instead a mapping database links external addresses either to a service address or to the network addresses of edge nodes. For each externally received packet, the receiving edge node looks up the packet's destination address, obtains the service address, encapsulates the packet in a fabric transport packet whose outer destination is the service address, and sends it into the fabric, where it reaches the first edge node. While this forwarding is in progress, the service address is associated with a second edge node and the underlay converges, so transport packets addressed to the service address now arrive at the second edge node. The external-address-to-service-address mappings are never changed; only the location that the service address resolves to moves.
2. The method of claim 1 , wherein the enterprise fabric network uses Locator/ID Separation Protocol (LISP), including: each of the plurality of external addresses being an Endpoint ID (EID), each of first and second edge nodes being an Egress Tunnel Router (ETR), each of the service address and first and second network addresses being a Routing Locator (RLOC), and the mapping database including EIDs-to-RLOCs mappings.
In the LISP variant of claim 1, external addresses are Endpoint IDs (EIDs), the first and second edge nodes are Egress Tunnel Routers (ETRs), and the service address and both edge nodes' network addresses are Routing Locators (RLOCs), with the mapping database holding EID-to-RLOC mappings. LISP separates an endpoint's identity (EID) from its current location (RLOC), which is what makes the mobility in claim 1 possible: the service RLOC stays constant in the mapping database while the ETR that owns that RLOC changes.
3. The method of claim 2 , including: applying a service to packets of the plurality of packets externally received by edge nodes of the plurality of nodes by a first service node accessible to the enterprise fabric network via the first edge node when the operation of said forwarding the plurality of packets commences; and applying the service to packets of the plurality of packets externally received by edge nodes of the plurality of nodes by a second service node accessible to the enterprise fabric network via the second edge node after said associating and converging operations.
In the LISP-based method, a first service node reachable through the first edge node applies the service to externally received packets when forwarding begins; after the service address is moved to the second edge node and the underlay converges, a second service node reachable through the second edge node applies the same service. Because both service nodes sit behind one service address, external traffic continues to reach a service node throughout the move, and nothing in the external mappings has to change.
4. The method of claim 3 , wherein the service is a firewall service.
Claim 3's service is a firewall. The firewall function is relocated from a service node behind the first edge node to one behind the second edge node without changing the EID-to-service-address mappings, so nothing outside the fabric needs to be reconfigured. The claims say nothing about connection state: a stateful firewall moved this way inspects new flows correctly at the second service node, but flows already in progress survive the move only if the two service nodes share or synchronize their state, which is outside what the claim covers.
5. The method of claim 1 , including: applying a service to packets of the plurality of packets externally received by edge nodes of the plurality of nodes by a first service node accessible to the enterprise fabric network via the first edge node when the operation of said forwarding the plurality of packets commences; and applying the service to packets of the plurality of packets externally received by edge nodes of the plurality of nodes by a second service node accessible to the enterprise fabric network via the second edge node after said associating and converging operations.
Claim 5 is the same service-node arrangement as claim 3 without the LISP limitation. A first service node connected via the first edge node applies the service when forwarding begins; after the service address is associated with the second edge node and the underlay converges, a second service node connected via the second edge node applies it. The service stays available to external clients across the migration or failover because the service address they are mapped to does not change.
6. The method of claim 5 , wherein said mappings between the plurality of external addresses and the service address includes mappings between the plurality of external addresses in a pre-service context and the service address; wherein said maintaining the mapping database includes mappings between the plurality of external addresses in a post-service context and network addresses of edge nodes of the plurality of edge nodes; and wherein the lookup operation in the mapping database based on the destination address of said particular packet is performed in a pre-service context.
Claim 6 introduces lookup contexts. The mappings from external addresses to the service address are held in a "pre-service context"; the same external addresses are also mapped, in a "post-service context", to the network addresses of edge nodes. The lookup on an externally received packet is performed in the pre-service context, so it yields the service address. Keying the database by context lets one destination address resolve to the service address before the service has been applied and to the real egress edge node afterwards, which is how the fabric tells packets that still need the service apart from packets that have already received it.
7. The method of claim 6 , comprising: receiving a post-service processed said particular packet by either the first edge node or the second edge node; performing a lookup operation in the mapping database of a destination address of the post-service processed said particular packet in the post-service context resulting in the identification of a particular network address of an edge node of the plurality of nodes or a second service address; encapsulating said the post-service processed said particular packet in a second enterprise fabric transport packet including the particular network address or the second service address as a destination address; and sending the second enterprise fabric transport packet into the enterprise fabric network.
After the service has processed the packet, either the first or the second edge node receives it back. That edge node looks up the same destination address again, this time in the post-service context, which returns either the network address of the destination edge node or a second service address (the next service in a chain). The packet is encapsulated in a second fabric transport packet addressed to that result and sent into the fabric. The post-service lookup is what keeps the packet from being sent back to the first service: in the post-service context the destination no longer resolves to the first service address.
8. The method of claim 7 , wherein the pre-service context is a virtual network (VN) identifier, and the post-service context is a different VN identifier.
In claim 8 the pre-service and post-service contexts are two different Virtual Network (VN) identifiers, so the context is carried by the virtual network a packet belongs to. Packets that still need the service are looked up in the pre-service VN, packets that have received it in the post-service VN. This isolates traffic by service status and routes each packet according to where it is in the service chain.
9. The method of claim 7 , wherein each of the pre-service and post-service context is a network address of the edge node of the plurality of nodes performing the lookup operation in the mapping database.
In claim 9 the context is the network address of the edge node that performs the lookup, so the identity of the looking-up node encodes the context. A lookup performed by the edge node that received the packet from outside resolves to the service address; the same destination address looked up by the edge node that gets the packet back from the service resolves to the final edge node. No separate context marking is needed because each edge node only ever performs one of the two lookups.
10. The method of claim 7 , wherein the enterprise fabric network uses Locator/ID Separation Protocol (LISP), including: each of the plurality of external addresses being an Endpoint ID (EID), each of first and second edge nodes being an Egress Tunnel Router (ETR), each of the service address and first and second network addresses and the second service address and the particular network address being a Routing Locator (RLOC), and the mapping database including EIDs-to-RLOCs mappings in pre-service and post-service contexts.
The service mobility method, utilizing pre-service and post-service contexts, is implemented with LISP. External addresses are Endpoint IDs (EIDs). The service address, first and second network addresses, the second service address, and the particular network address are all Routing Locators (RLOCs). The mapping database stores EID-to-RLOC mappings for both pre-service and post-service contexts. This leverages LISP's separation of identity and location to route packets differently based on whether they have received service, all while maintaining consistent EID-to-RLOC mappings for each context.
11. A method, comprising: performing operations in an enterprise fabric network, including a plurality of nodes which includes a first edge node, with a routable address space within the enterprise fabric network not including destination addresses of packets received from external sources, and with the first edge node having a first network address and a service address; wherein said operations include: maintaining a mapping database including mappings between a plurality of external addresses in a pre-service context and the service address, and between the plurality of external addresses in a post-service context and network addresses of edge nodes of the plurality of nodes; performing a lookup operation in the mapping database in the pre-service context on a destination address of a particular packet externally received by an edge node of the plurality of nodes resulting in the identification of the service address; encapsulating said particular packet in an enterprise fabric transport packet including the service address as a destination address; sending said encapsulated particular packet into the enterprise fabric network; decapsulating said particular packet from said encapsulated particular packet by the first edge node; sending said particular packet to an external service node by the first edge node; receiving by an edge node of the plurality of nodes the particular packet after the service has been applied; performing a lookup operation in the mapping database in the post-service context on the destination address of the particular packet after the service has been applied resulting in the identification of a particular network address of an edge node of the plurality of edge nodes; encapsulating said particular packet after the service has been applied in a second enterprise fabric transport packet including the particular network address as a destination address; and sending said second enterprise fabric transport packet into the enterprise fabric network.
A method for steering externally received packets through a service in an enterprise fabric. The mapping database holds two sets of entries for the same external addresses: in the "pre-service context" they map to a service address, in the "post-service context" they map to edge node network addresses. An incoming packet's destination address is looked up in the pre-service context, which returns the service address; the packet is encapsulated toward that address and sent into the fabric. The first edge node decapsulates it and hands it to an external service node. When the packet comes back with the service applied, an edge node looks up the same destination address in the post-service context, which returns the network address of the destination edge node, and encapsulates and sends the packet there.
12. The method of claim 11 , wherein the enterprise fabric network uses Locator/ID Separation Protocol (LISP), including: each of the plurality of external addresses being an Endpoint ID (EID), each of the service address and particular network address being a Routing Locator (RLOC), and the mapping database including EIDs-to-RLOCs mappings in pre-service and post-service contexts.
The service delivery method is implemented with LISP. External addresses are Endpoint IDs (EIDs). The service address and particular network address are Routing Locators (RLOCs). The mapping database includes EID-to-RLOC mappings in both pre-service and post-service contexts. Therefore, LISP separates identity and location, enabling routing based on whether a service has been applied, via different EID-to-RLOC mappings.
13. The method of claim 12 , wherein the pre-service context is a virtual network (VN) identifier, and the post-service context is a different VF identifier.
The pre-service context is a Virtual Network (VN) identifier and the post-service context is a different VN identifier (the claim text reads "VF identifier", evidently a typo for VN, consistent with claims 8 and 20). A packet's virtual network membership therefore determines whether its lookup sends it to the service (pre-service VN) or to its final destination (post-service VN).
14. The method of claim 12 , wherein each of the pre-service and post-service context is a network address of the edge node of the plurality of nodes performing the lookup operation in the mapping database.
In claim 14 the context is the network address of the edge node performing the lookup, so which edge node does the lookup decides the result: the edge node that received the packet from outside resolves the destination to the service address, while the edge node that receives it back from the service resolves the same destination to the final edge node.
15. The method of claim 11 , wherein the pre-service context is a virtual network (VN) identifier, and the post-service context is a different VF identifier.
Claim 15 attaches the VN-identifier limitation directly to claim 11: the pre-service context is a Virtual Network (VN) identifier and the post-service context is a different VN identifier (again written "VF identifier" in the claim text). Each packet is associated with one virtual network before the service is applied and with a different virtual network afterwards, and the second one is what routes it to its final destination.
16. The method of claim 11 , wherein each of the pre-service and post-service context is a network address of the edge node of the plurality of nodes performing the lookup operation in the mapping database.
Claim 16 attaches the edge-node-address limitation directly to claim 11: the pre-service and post-service contexts are the network addresses of the edge nodes performing the lookup. The fabric distinguishes traffic that still needs the service from traffic that has already received it by which edge node performs the lookup, not by any marking in the packet.
17. A method, comprising: performing networking operations in an enterprise fabric network, including a plurality of nodes which includes a plurality of edge nodes, with a routable address space within the enterprise fabric network not including destination addresses of packets received from external sources, and with each of the plurality of edge nodes having a network address; wherein said networking operations include: maintaining a mapping database including mappings between a plurality of external addresses and one or more service or network addresses for each of a plurality of contexts; and for each particular externally received packet of a plurality of externally received packets by any edge node of the plurality of edge nodes, performing particular operations on said particular externally received packet on a same destination address of said particular externally received packet on a same edge node or different edge nodes of the plurality of edge nodes in at least two different contexts of the plurality of contexts, with said particular operations including: performing a lookup operation in the mapping database in a current context of the plurality of contexts currently associated with said particular externally received packet on a destination address of said particular externally received packet resulting in the identification of a particular service or network address, encapsulating said particular packet in an enterprise fabric transport packet including said identified particular service or network address as a destination address, and sending the enterprise fabric transport packet into the enterprise fabric network.
Claim 17 generalizes the context idea. Each edge node has a network address in the fabric's routable address space, which does not include the destination addresses of externally received packets. The mapping database links external addresses to service or network addresses separately for each of several contexts. For every externally received packet, the same destination address is looked up at least twice, in at least two different contexts (on the same edge node or on different ones); each lookup uses the context currently associated with the packet, returns a service or network address, and the packet is encapsulated toward that address and sent into the fabric. One destination address is therefore handled differently depending on the packet's current context.
18. The method of claim 17 , wherein the enterprise fabric network uses Locator/ID Separation Protocol (LISP), including: each of the plurality of external addresses being an Endpoint ID (EID), each of the service and network addresses being a Routing Locator (RLOC), and the mapping database including EIDs-to-RLOCs mappings in each of the plurality of contexts.
In the context-aware packet handling method, the enterprise fabric network uses LISP. External addresses are Endpoint IDs (EIDs), and service and network addresses are Routing Locators (RLOCs). The mapping database stores EID-to-RLOC mappings for each context. Therefore, LISP's separation of identity and location is used to make routing decisions based on context, by associating different RLOCs with the same EID based on the current context.
19. The method of claim 17 , wherein said two different contexts includes a pre-service and post-service context for a service applied to said particular externally received packet.
The two different contexts for handling a packet include a pre-service and post-service context for a service applied to the packet. Therefore, a pre-service context would be used before a packet has been routed through a service (such as a firewall), and a post-service context would be used after that service has been applied.
20. The method of claim 19 , wherein each of the plurality of contexts is a different virtual network (VN) identifier or a network address of an edge node of the plurality of nodes performing the lookup operation in the mapping database.
Each context is either a different virtual network (VN) identifier or the network address of the edge node performing the lookup. With VN identifiers, the same EID resolves to different RLOCs in different VNs; with edge node addresses, which edge node performs the lookup determines the result.
21. An enterprise fabric network, including: a plurality of nodes which includes a first edge node and a second edge node, with a routable address space within the enterprise fabric network not including destination addresses of packets received from external sources, and with the first edge node having a first network address and a service address; wherein the plurality of nodes maintain a mapping database including mappings between a plurality of external addresses and the service address, and between other external addresses and addresses of edge nodes of the plurality of nodes; wherein edge nodes of the plurality of nodes receive forward each particular packet of a plurality of packets externally received by a corresponding edge node and forward to another edge node associated with the service address, which includes determining the service address from a lookup operation in the mapping database based on a destination address of said particular packet, and encapsulating said particular packet in an enterprise fabric transport packet including the service address as a destination address, and sending the enterprise fabric transport packet into the enterprise fabric network; and wherein during the operation of said forwarding the plurality of packets: associating the service address with the second edge node also having a second network address, and converging the routable address space such that enterprise fabric transport packets having a destination address of the service address are now communicated to the second edge node without changing said mappings between the plurality of external addresses and the service address.
Claim 21 is the system form of claim 1. The fabric comprises multiple nodes, including a first and a second edge node, with a routable address space that does not include the destination addresses of externally received packets. The first edge node has a network address and a service address. The nodes maintain a mapping database that maps some external addresses to the service address and others to the addresses of edge nodes. An edge node that receives a packet from outside looks up its destination address, obtains the service address, encapsulates the packet in a fabric transport packet addressed to the service address, and forwards it to the edge node associated with that address. During this forwarding the service address is associated with the second edge node and the underlay converges, so transport packets addressed to the service address are delivered to the second edge node while the external-address-to-service-address mappings remain unchanged.
22. The enterprise fabric of claim 21 , wherein the enterprise fabric network uses Locator/ID Separation Protocol (LISP), including: each of the plurality of external addresses being an Endpoint ID (EID), each of first and second edge nodes being an Egress Tunnel Router (ETR), each of the service address and first and second network addresses being a Routing Locator (RLOC), and the mapping database including EIDs-to-RLOCs mappings.
In the LISP form of claim 21, external addresses are Endpoint IDs (EIDs), the first and second edge nodes are Egress Tunnel Routers (ETRs), and the service address and both edge node network addresses are Routing Locators (RLOCs); the mapping database holds EID-to-RLOC mappings. Because LISP separates identity from location, the fabric reroutes service traffic by changing which ETR owns the service RLOC in the underlay, without altering any EID-to-RLOC mapping.
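The forwarding and mobility behaviour of claims 1, 7, 11 and 17 (a per-context mapping database, a pre-service lookup to a service address, a post-service lookup to the destination edge node, and a service address that moves between edge nodes without any mapping change), as an added example that is not part of the patent or of the site's translation. It models the fabric in Python. Every address, node name, context identifier (`vn-pre-service`, `vn-post-service`), the service RLOC `192.0.2.100` and the firewall policy are constructed for this example, and the routable underlay is reduced to an RLOC-to-edge-node table.

```python
"""Toy model of the claimed fabric forwarding (added example, not from the patent).

A mapping database holds EID-prefix -> RLOC entries per context (VN identifier).
An externally received packet is looked up in the pre-service context, which yields
the service RLOC; the edge node owning that RLOC hands the packet to the firewall
behind it; the returned packet is looked up again in the post-service context, which
yields the destination edge node. Moving the service re-homes the service RLOC in the
underlay; no mapping entry changes. All addresses and names are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

PRE_SERVICE_VN = "vn-pre-service"    # constructed context identifiers
POST_SERVICE_VN = "vn-post-service"
SERVICE_RLOC = "192.0.2.100"         # constructed service RLOC (documentation range)

ServiceFn = Callable[["Packet"], Optional["Packet"]]


@dataclass(frozen=True)
class Packet:
    src: str    # external source address
    dst: str    # EID: external destination address, not routable in the underlay
    dport: int


@dataclass(frozen=True)
class FabricHeader:
    """Fabric transport encapsulation: outer destination RLOC plus the VN id."""
    outer_dst: str
    vn: str


class MappingDatabase:
    """EID-to-RLOC mappings kept separately for each context (claims 6, 11, 17)."""

    def __init__(self) -> None:
        self._entries: Dict[str, List[Tuple[ipaddress.IPv4Network, str]]] = {}

    def register(self, vn: str, eid_prefix: str, rloc: str) -> None:
        self._entries.setdefault(vn, []).append((ipaddress.ip_network(eid_prefix), rloc))

    def lookup(self, vn: str, eid: str) -> str:
        """Longest-prefix match of one EID within one context."""
        addr = ipaddress.ip_address(eid)
        matches = [(net, rloc) for net, rloc in self._entries.get(vn, []) if addr in net]
        if not matches:
            raise LookupError(f"no mapping for {eid} in context {vn}")
        return max(matches, key=lambda m: m[0].prefixlen)[1]


class Fabric:
    def __init__(self, mapdb: MappingDatabase) -> None:
        self.mapdb = mapdb
        self.rloc_owner: Dict[str, str] = {}      # routable underlay: RLOC -> edge node
        self.services: Dict[str, ServiceFn] = {}  # edge node -> service node behind it
        self.service_rlocs: Set[str] = set()
        self.trace: List[str] = []

    def advertise(self, rloc: str, node: str) -> None:
        """Underlay convergence: the named edge node now owns this RLOC."""
        self.rloc_owner[rloc] = node

    def home_service(self, rloc: str, node: str, fn: ServiceFn) -> None:
        """Associate a service RLOC with an edge node and the service node behind it.
        Calling it again for another node is the claim 1 move: the underlay converges,
        the mapping database is untouched."""
        old = self.rloc_owner.get(rloc)
        if old is not None:
            self.services.pop(old, None)
        self.advertise(rloc, node)
        self.services[node] = fn
        self.service_rlocs.add(rloc)

    def _forward(self, ingress: str, pkt: Packet, vn: str) -> Tuple[str, FabricHeader]:
        rloc = self.mapdb.lookup(vn, pkt.dst)
        egress = self.rloc_owner[rloc]
        self.trace.append(f"{ingress} -> {egress} via {rloc} [{vn}]")
        return egress, FabricHeader(outer_dst=rloc, vn=vn)

    def receive_external(self, ingress: str, pkt: Packet) -> Optional[str]:
        """Return the edge node that finally delivers the packet, or None if dropped."""
        self.trace = []
        egress, hdr = self._forward(ingress, pkt, PRE_SERVICE_VN)
        if hdr.outer_dst not in self.service_rlocs:
            return egress                        # mapping went straight to an edge node
        processed = self.services[egress](pkt)   # decapsulate, hand to the service node
        if processed is None:
            self.trace.append(f"{egress}: dropped by service")
            return None
        final, _ = self._forward(egress, processed, POST_SERVICE_VN)
        return final


def firewall(blocked_ports: frozenset) -> ServiceFn:
    """Constructed stateless firewall: drop blocked destination ports, pass the rest."""
    def apply(pkt: Packet) -> Optional[Packet]:
        return None if pkt.dport in blocked_ports else pkt
    return apply


def build_fabric() -> Fabric:
    mapdb = MappingDatabase()
    # 10.1.0.0/16 sits behind edge-B but must pass the firewall first.
    mapdb.register(PRE_SERVICE_VN, "10.1.0.0/16", SERVICE_RLOC)
    mapdb.register(POST_SERVICE_VN, "10.1.0.0/16", "192.0.2.2")
    # 10.2.0.0/16 behind edge-C needs no service: the pre-service lookup goes straight there.
    mapdb.register(PRE_SERVICE_VN, "10.2.0.0/16", "192.0.2.3")
    fabric = Fabric(mapdb)
    fabric.advertise("192.0.2.1", "edge-A")
    fabric.advertise("192.0.2.2", "edge-B")
    fabric.advertise("192.0.2.3", "edge-C")
    fabric.home_service(SERVICE_RLOC, "edge-A", firewall(frozenset({23})))
    return fabric


def demo() -> Dict[str, object]:
    fabric = build_fabric()
    https = Packet("203.0.113.7", "10.1.5.20", 443)
    telnet = Packet("203.0.113.7", "10.1.5.20", 23)
    result: Dict[str, object] = {}
    result["before"] = (fabric.receive_external("edge-C", https), list(fabric.trace))
    fabric.home_service(SERVICE_RLOC, "edge-B", firewall(frozenset({23})))  # the move
    result["after"] = (fabric.receive_external("edge-C", https), list(fabric.trace))
    result["blocked"] = fabric.receive_external("edge-C", telnet)
    result["mapping_after_move"] = fabric.mapdb.lookup(PRE_SERVICE_VN, https.dst)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running it shows the same EID 10.1.5.20 resolving to the service RLOC in the pre-service context and to edge-B's RLOC in the post-service context; after `home_service` is called for edge-B, the pre-service lookup still returns 192.0.2.100 while the underlay now delivers that RLOC to edge-B, and the telnet packet is dropped by whichever firewall currently sits behind the service RLOC. A real LISP deployment would resolve these mappings through map-servers and carry the VN context as a LISP instance ID; this model keeps everything in one process.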
December 5, 2017